What Is CCPA (California Consumer Privacy Act) and What Does It Mean To Marketers?

In June 2018, the California legislature passed the California Consumer Privacy Act (aka CaCPA or CCPA). The CCPA’s rapid passage — it is a legislative replacement for a ballot initiative that went from draft to law in less than a week — was created to address growing consumer concerns about data protection and provide California consumers with important controls over their personal information.

While parts of the law still require clarification from the California Attorney General, it poses a challenge to businesses that want to be sure everything they are doing now to prepare for CCPA encompasses all of the law’s requirements. However,it also creates opportunities for companies to step up and distinguish themselves through strong data ethics and governance programs. As such, CCPA compliance will help companies bolster their commitments to consumer choice and demonstrate transparency and trust.

What Is the CCPA?

The CCPA is the most comprehensive privacy law in the United States to date and is designed to give Californians more control over their personal information.

Major new data protections the CCPA introduces include:

Right to access information – Consumers in California will be able to know the “what, who, and why” surrounding their personal information. Specifically, they can request the following, which must be provided in a portable format:

Which categories of personal information were collected, shared, or sold

Categories of sources from which this personal information was collected, with whom it was shared, and to whom it was sold to

The specific pieces of personal information it has collected about that consumer

Why the personal information was collected

Right to deletion – Consumers in California will be able to request that a company delete the personal information it has collected about them.

Right to opt out – Consumers in California will be able to direct a company to not sell their personal information to third parties. It’s also important to note that the definition of “sell” in the bill is broader than simply monetary exchange.

Although it was passed in June 2018, the CCPA will go into effect on January 1, 2020. As a result, companies can expect the California Attorney General to clarify the requirements of the CCPA and expect the California legislature to amend the law. The CCPA has already been amended to include, for example, a grace period for businesses in which the Attorney General cannot bring an enforcement action until six months after final regulations have been published, or July 1, 2020, whichever is sooner. Please note that this grace period does not apply to the private right of action consumers can bring under the CCPA. There are also a number of other amendments still pending in the California legislature.

Who does the CCPA apply to?

The CCPA applies to for-profit businesses operating in California that collect personal information of California consumers for which any of the following are true:

Governance – ensure compliance is monitored and enforced by reviewing all data sources and performing privacy impact assessments, as well as amending contracts as needed

Of course, it takes organizational commitment and a clear methodology to build a data ethics program that goes above and beyond regulation. Doing so is the best way to future-proof your organization for the complexity that will result from present and future applications of data usage.

Want more content about CCPA and other issues affecting marketers? Subscribe to RampedUp.us below!